Hello Gabino,

Thursday, April 15, 2004, 4:15:49 PM, you wrote:

GT> seems to be the common behavior. Is there a way someone can extract my php
GT> file without this transformation?

In a nutshell - no. Not without your server being compromised (i.e. hacked into or misconfigured).

GT> One of the things I'm starting with is a simple blog/guestbook. I have a
GT> couple form fields and I strip_tags ... what else should I be doing? I want
GT> to leave the guestbook pretty open, so I don't want a sign-in and
GT> confirmation thingie. I don't even mind anonymity, cuz I can edit the
GT> comments later if I want.

Check for SQL injection possibly? (assuming you are even using SQL) and make sure you addslashes (or test to see if that is being done for you) and that's about it. Depends how "anal" you want the script to be though :)

I mean you could check everything.. from strings to integers, to string length, to IP address (flood control), to duplicate entries, etc etc etc. Really a "how long is a piece of string" scenario here.

--
Best regards,
 Richard Davey
 http://www.phpcommunity.org/wiki/296.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
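
The checks listed in the reply above (string length, flood control by IP address, duplicate entries, SQL safety) applied to one guestbook submission, as an added example that is not part of the original message. It uses PDO bound parameters in place of addslashes and assumes PHP 7.1+ with pdo_sqlite; the guestbook table, its columns, the limits and add_entry() are hypothetical.

```php
<?php
// Added example: table, columns, limits and function name are hypothetical.
const MAX_NAME = 40;        // bytes
const MAX_COMMENT = 1000;   // bytes
const FLOOD_SECONDS = 60;   // minimum gap between posts from one IP

function add_entry(PDO $db, string $name, string $comment, string $ip, int $now): string
{
    // Strip markup first, then measure what will actually be stored.
    $name = trim(strip_tags($name));
    $comment = trim(strip_tags($comment));
    if ($name === '') {
        $name = 'Anonymous';    // anonymity is allowed, empty comments are not
    }
    if ($comment === '' || strlen($comment) > MAX_COMMENT || strlen($name) > MAX_NAME) {
        return 'rejected: length';
    }
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'rejected: ip';
    }
    // Flood control: refuse a second post from the same IP inside the window.
    $q = $db->prepare('SELECT COUNT(*) FROM guestbook WHERE ip = ? AND posted > ?');
    $q->execute([$ip, $now - FLOOD_SECONDS]);
    if ((int) $q->fetchColumn() > 0) {
        return 'rejected: flood';
    }
    // Duplicate entries: refuse a comment identical to one already stored.
    $q = $db->prepare('SELECT COUNT(*) FROM guestbook WHERE comment = ?');
    $q->execute([$comment]);
    if ((int) $q->fetchColumn() > 0) {
        return 'rejected: duplicate';
    }
    // Bound parameters keep quotes in user text out of the SQL statement.
    $q = $db->prepare('INSERT INTO guestbook (name, comment, ip, posted) VALUES (?, ?, ?, ?)');
    $q->execute([$name, $comment, $ip, $now]);
    return 'stored';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (name TEXT, comment TEXT, ip TEXT, posted INTEGER)');

// Constructed sample submissions: markup, a repeat from one IP, quotes,
// a repeated comment from another IP, and an oversized comment.
$samples = [
    ['Ann', '<b>Nice site</b>', '192.0.2.10', 1000],
    ['Ann', 'Me again', '192.0.2.10', 1010],
    ["O'Brien", "It's great, isn't it?", '192.0.2.11', 1020],
    ['Cy', 'Nice site', '192.0.2.12', 1030],
    ['Di', str_repeat('a', 2000), '192.0.2.13', 1040],
];
foreach ($samples as [$n, $c, $ip, $t]) {
    echo add_entry($db, $n, $c, $ip, $t), "\n";
}
```

When the stored entries are rendered back into the page, pass them through htmlspecialchars() for the output context rather than relying on strip_tags() alone.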